The main job of a Digital Forensics Specialist is to perform recovery and investigation of material found in digital devices. The Digital Forensics Specialist has a technical background and has to be able to apply knowledge of computer forensic principles in the identification and collection of digital evidence.

Forensic Track: Basic Course

Auto Enrol


Objective

The Digital Forensics officer must have a technical background and practical knowledge ofcomputer forensic principles for identification and collection of digital evidence.

The basic level course for Incident Responder's track shall help the Law Enforcement Agencies gain an understanding of following subjects:

  1. Different types of cyber crimes.
  2. What is Digital evidence and analysis of digital Evidence.
  3. How to preserve the integrity of digital evidence, admissibility of digital evidence in court of law and maintaining the chain of custody.
  4. Familiarity with different operating systems and applications and file structures.
  5. Whatis digital forensics and different phases of digital forensics – Identification, Preservation, Acquisition, Authentication and Documentation, also known as IPAAD.
  6. Standard Operating Procedure for digital forensic process in Indian context.
  7. Importance of documentation and the documents to be submitted with digital evidence.
  8. Knowledge of relevant commercial and open-source digital forensics tools such as EnCase, FTK Imager etc.
  9. Usage of FTK Imager for acquisition of volatile and non-volatile digital evidence through tool demonstration and simulation.
  10. Usage of EnCase for analysis of evidence.

The cyber-crime fundamentals and handling of digital evidence is explained through case scenarios and demonstration/simulation of tools along with Standard Operating Procedures (SOP)

Estimated Effort: 8 Hours

Forensic Track: Intermediate Course

After completing course: Forensic Track: Basic Course


Objective

The digital forensic domain involves forensic acquisition, analysis and reporting of digital artefacts from various digital devices such as computers, smart phones, feature phones, satellite phones, networking devices such as routers & switches, digital cameras, CCTV systems, GPS and other related devices. Digital devices can be volatile in nature and hence it is vital that the experts should know the different methods to collect volatile data. Due to different operating systems used by OEMs and manufacturer’s it is important to cover leading operating system based forensic techniques.

The objective of this course is for law enforcement agencies to gain an intermediate level knowledge of the following topics related to digital forensics:-

  1. Develop Cybercrime Awareness including Legal and Jurisdiction Issues in relation to Digital Forensics .
  2. Understand Live Data / Triaging Forensics for Laptops, Servers and Mobile Phones including overview of various Tools.
  3. Understand Random Access Memory (RAM) Analysis using Triage Tools.
  4. Insight into Windows Forensics including Registry, Data Hiding Locations, Event Log and Forensic Image Analysis.
  5. Overview of Linux & Mac Forensics including Filesystem Forensics.
  6. Understanding Mobile Forensics including various Platforms, Tools, SIM Card Data Extraction and Live Mobile Acquisition.
  7. Understanding Network Forensics including Protocol Analysis, Layer wise Analysis, Flow Analysis and Wireless Analysis.
  8. Malware Analysis and Reverse Engineering using Static, Dynamic, Code and Behavioural Analysis.
  9. Introduction to Virtual Machines and VM Forensics.
  10. Overview of Cloud Forensics including Legal Aspects.
  11. Internet of Things (IOT) Forensics including Smart Watch, Raspberry Pi and Arduino Forensics.
  12. Handling Encrypted Evidence and SOP.
  13. Collecting Artifacts of TOR Browser.

The prerequisite for this course is Digital Forensics Track – Basic Level Course.


Estimated Effort: 15 Hours

Forensic Track: Advanced Course

After completing course: Forensic Track: Intermediate Course


Objective

The solution of most of the advanced cybercrime cases require careful gathering and forensic investigation of digital evidence. Procedures of digital forensics must be known to cyber police personnel in order to open up pathways for investigation and also avoid technical pitfall while handling digital evidence.

The objective of this course is to provide understanding of the following areas relevant to digital forensics:-

  1. Mobile forensics including VOIP,mobile forensics, JTAG & Chip off techniques, forensics analysis of mobile phone data, analysis of mobile application and techniques for lawful interception of mobile phones.
  2. Understand Network Forensics including event log analysis, network device analysis and investigating DoS,phishing &web defacement attacks.
  3. Digital Forensics (Advance Level) using Commercial Tools including live / remote imaging.
  4. Advanced Malware Analysis including lab establishment, static and dynamic analysis of malware and overview of IDA.
  5. Advance Dark web and Cryptocurrency Forensics including TOR Browser, Understanding of crypto technology, blockchain and cryptocurrency analysis.
  6. Cloud Forensics to include cloud artefacts and Cloud Service Provider specific technologies and acquiring evidence from host PC.
  7. Forensics Scripting overview including SQL and SQLite.
  8. CCTV Forensics including SOP and enhancement of CCTV Footage/video clip
  9. Audio/Video Forensics and enhancement of audio / video clips.

The prerequisite for this course is Digital Forensics Track – Intermediate Level Course.